Full_Name: Paolo Meschi
Version: 2.X HEAD
OS: Linux
URL: http://www.paolomeschi.com/patches/openldap/openldap-userpassword-compare.patch
Submission from: (NULL) (82.60.63.158)
When I tried to compare the userPassword attribute, which contains a crypted
password (like this: {crypt}qWe2pXud183), with the cleartext password, OpenLDAP
returned LDAP_COMPARE_FALSE. However, if I put a cleartext password in
userPassword, it returns LDAP_COMPARE_TRUE.
So, as far as I can see, OpenLDAP doesn't crypt (with the proper function) the
password passed by the client before comparing it, as many other LDAP servers
(like Sun Directory Services) do.
This patch should fix this behaviour:
http://www.paolomeschi.com/patches/openldap/openldap-userpassword-compare.patch
(A copy of this mail has been sent to the devel mailing list)
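
The two compare behaviours described in the report above, side by side, as an added example that is not part of the original report and is not the submitted patch. It models the reported behaviour as an octet-for-octet match, and it assumes {SSHA} as a stand-in for {crypt} so that it runs on the Python standard library alone; all function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

COMPARE_TRUE, COMPARE_FALSE = "LDAP_COMPARE_TRUE", "LDAP_COMPARE_FALSE"
SHA1_LEN = 20


def make_ssha(password: bytes, salt: bytes) -> bytes:
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def literal_compare(stored: bytes, asserted: bytes) -> str:
    """Model of the reported behaviour: match the asserted octets as they are."""
    return COMPARE_TRUE if hmac.compare_digest(stored, asserted) else COMPARE_FALSE


def scheme_aware_compare(stored: bytes, asserted: bytes) -> str:
    """Hash the asserted cleartext with the stored value's scheme, then match."""
    if stored.startswith(b"{SSHA}"):
        try:
            raw = base64.b64decode(stored[len(b"{SSHA}"):], validate=True)
        except ValueError:
            return COMPARE_FALSE  # malformed base64 never matches
        if len(raw) < SHA1_LEN:
            return COMPARE_FALSE  # too short to hold a SHA-1 digest
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        candidate = hashlib.sha1(asserted + salt).digest()
        return COMPARE_TRUE if hmac.compare_digest(digest, candidate) else COMPARE_FALSE
    if stored.startswith(b"{"):
        return COMPARE_FALSE  # other schemes (e.g. {crypt}) are not handled here
    return literal_compare(stored, asserted)  # cleartext stored value


if __name__ == "__main__":
    # Constructed sample values, not taken from the report.
    hashed = make_ssha(b"secret", b"\x01\x02\x03\x04")
    for stored in (hashed, b"secret"):
        print(stored.decode(), "literal:", literal_compare(stored, b"secret"),
              "scheme-aware:", scheme_aware_compare(stored, b"secret"))
```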

Followup 3

I think this is in general a bad idea. It's already noted as such in the
README, which is fine. The code generally looks pretty good, although it would
need to be updated for cn=config support. Does anyone else see a reason to
integrate this and get it working with cn=config?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/